cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
890
Views
0
Helpful
4
Replies

Association time limit

Glnc66inc
Level 1
Level 1

Is it possible to limit the association time for one user/mac address over a 24 hour period? Client has a hot-spot and wants to make sure it is not abused.

Current system:

wlc 4402, 5.2.193.0

Thanks in advance for the help.

4 Replies 4

Lucien Avramov
Level 10
Level 10

Configure a guest SSID and guest users. Once you dont want to give them access, remove the guest user from the WLC.

If you have a WCS, it will do that automatically for you.

Thanks for the reply.

These users are not 'guest' users. This ssid / vlan is used for a wireless hotspot. Users do not have to register but they would like to limit them to 3 hours or wifi.

hi,  ressurecting an old un-answered post here as this is exactly the feature I'm looking for.

The ability to limit assoc time per client on an un-authenticated public service.

Is it possible on the WLC? Or is it in Guest NAC or something else?

Thanks in advance for any pointers.

OK,  a bright colleague has this idea.

Configure L2 Security MAC Filtering via RADIUS

The RADIUS server keeps a simple table of unique macaddr requests for the day. For each request:

if macaddr not found

    insert macaddr

    send radius accept with attribute 27 session-timeout set to x seconds

else

    send radius reject

fi

;

at midnight clear the table ready for the next day

I need to work it through.

Hopefully I can combine the L3 passthru page to force a branded Acceptable Use Policy. Also would be nice to gracefully disassociate when the session timer expires. Need to look into session logout page -  I'm not that confident that a graceful/polite exit will be possible but will see whats there. Would also be nice if the auth reject could somehow be made informative with a polite message saying the meter has run out.

Anyone have any ideas to add, I'd be most grateful for the post.

Thanks, Graeme

EDIT:  I wonder if RADIUS Attribute 18 Reply-Message "Text that the user will see" can be used to send back informative reject reasons. Then again the client is on an open network and anyway it probably depends heavily on the functionality of the client wifi driver/stack.

"Edited to try and fix whacky text formatting"

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: